> This is a bit awkward since the QUERY_STRING in POST > can be anything, for example an XML-documents. .. > Though, how should I deal with, for example, an > XML-document in a POST requests? Where should I > "hide" the transaction identifier?
A post doesn't normally have anything in the QUERY_STRING. Rather a POSTed form has the stuff being sent in the request body, which is read from STDIN by a script. QUERY_STRING is still available for use. Consider this form: form method=post action=myscript.cgi input name=emailaddress The "emailaddress" input would NOT appear in QUERY_STRING, but rather would appear to the script as STDIN, or to another module as the request body. You can still do: form method=post action=myscript.cgi?id=reallyunique input name=emailaddress -- Ray Morris